And their ToS forbids alternative clients doing that. Say, using Pidgin with PGP or OTR. Since Pidgin plugins for TG and these exist, it’s not a limitation for me, but most people, again, don’t use Pidgin to chat in TG.
Alternate clients are blocked from using that functionality because they may include ability to capture data somewhere, for example taking a screenshot of a protected chat.
The Signal protocol is the de-facto standard for E2EE, and it works just fine even in large group chats. But you refuse to accept this reality. The Signal protocol is used by so many apps, obviously Signal itself, WhatsApp, Facebook Messenger, Instagram direct messages, Google Allo (back when it existed), Google Messages (RCS), Skype, Wire and many others. MTProto is developed by Telegram, only used by telegram, not properly audited and full of flaws. No one should actually use it. And the fact that it doesn’t support group chats is a design choice, because ultimately Telegram doesn’t give a fuck about their users privacy or security. They have repeatedly worked with governments and worked against the interests of their users. Their funding is also pretty unclear and shady, and the entire company just appears scummy. Give me one single reason why anyone should use this trash over a proper E2EE messenger like Signal, Threema, SimpleX or Wire.
You switched the topic of the discussion. My original comment stands, as it corrects some part of your first comment.
I didn’t suggest anyone to use telegram.
They have repeatedly worked with governments and worked against the interests of their users.
Even though those allegations are arguable, I know what you mean. And those cases don’t involve compromising the actual encryption from what I understand.
It doesn’t look like any of those are used by “major” messengers. Especially signal. This means “major” players prefer their own implementations, which removes the meaning from calling unused stuff a “standard”.
OMEMO is literally what’s used by Signal, but standardized separately and adopted for XMPP. You didn’t even bother to look it up apparently.
OTR is a time-honored standard. The issue is that it doesn’t work with multiple logins.
PGP is an even more time-honored standard. The issue is that keys aren’t temporary.
Also in cryptography the absolutely basic rule is to trust cryptographers, not “major players”, so what you wrote is not as smart as you think. Actually quite ignorant.
Stop pretending that Telegram cares about the security of their users, because they clearly aren’t, as can be seen in their shitty encryption protocol, and the fact that by default all messages are stored on their servers in plain text
So if an app doesn’t support e2ee all data is being saved in plain text suddenly. You prefer calling telegram shitty because you don’t care to actually learn what it uses. So it should be fair for me to call any other client shitty for other nonsense.
Uh you appear not to understand how encryption works? Either something is end-to-end encrypted, and the service provider doesn’t have access to the encryption keys, and thus can’t read the messages, or it is encrypted in transit, the keys are held by the provider and the messages are decrypted on the server. The latter is exactly what Telegram does, even though they falsely try to market it as something else.
What you said means they can be decrypted on the server. But there is no proof of that happening in the past. People got into problems not because someone uncovered their content in telegram, but because that content was effectively public from the beginning.
End to end encryption was created specifically so that the server could not access the data.
That’s right, but it’s not properly implemented in Telegram. https://eprint.iacr.org/2015/1177.pdf
So how many people use E2EE with Telegram?
And their ToS forbids alternative clients doing that. Say, using Pidgin with PGP or OTR. Since Pidgin plugins for TG and these exist, it’s not a limitation for me, but most people, again, don’t use Pidgin to chat in TG.
Alternate clients are blocked from using that functionality because they may include ability to capture data somewhere, for example taking a screenshot of a protected chat.
I meant normal E2EE, not TG’s “encrypted chats”.
And it’s not “that functionality”, it’s literally encoding messages into another layer over TG being forbidden.
There is no normal e2ee because there is no standard for implementation, especially when it comes to group chats with >2 people.
The Signal protocol is the de-facto standard for E2EE, and it works just fine even in large group chats. But you refuse to accept this reality. The Signal protocol is used by so many apps, obviously Signal itself, WhatsApp, Facebook Messenger, Instagram direct messages, Google Allo (back when it existed), Google Messages (RCS), Skype, Wire and many others. MTProto is developed by Telegram, only used by telegram, not properly audited and full of flaws. No one should actually use it. And the fact that it doesn’t support group chats is a design choice, because ultimately Telegram doesn’t give a fuck about their users privacy or security. They have repeatedly worked with governments and worked against the interests of their users. Their funding is also pretty unclear and shady, and the entire company just appears scummy. Give me one single reason why anyone should use this trash over a proper E2EE messenger like Signal, Threema, SimpleX or Wire.
You switched the topic of the discussion. My original comment stands, as it corrects some part of your first comment.
I didn’t suggest anyone to use telegram.
Even though those allegations are arguable, I know what you mean. And those cases don’t involve compromising the actual encryption from what I understand.
There are a few standards. OMEMO for group chats, though that, of course, requires support in the protocol itself, unlike OTR or PGP.
It doesn’t look like any of those are used by “major” messengers. Especially signal. This means “major” players prefer their own implementations, which removes the meaning from calling unused stuff a “standard”.
OMEMO is literally what’s used by Signal, but standardized separately and adopted for XMPP. You didn’t even bother to look it up apparently.
OTR is a time-honored standard. The issue is that it doesn’t work with multiple logins.
PGP is an even more time-honored standard. The issue is that keys aren’t temporary.
Also in cryptography the absolutely basic rule is to trust cryptographers, not “major players”, so what you wrote is not as smart as you think. Actually quite ignorant.
Cool. So that gives people authority to say “if it’s used by signal and is standardized then it should be used by everyone”?
Stop pretending that Telegram cares about the security of their users, because they clearly aren’t, as can be seen in their shitty encryption protocol, and the fact that by default all messages are stored on their servers in plain text
So if an app doesn’t support e2ee all data is being saved in plain text suddenly. You prefer calling telegram shitty because you don’t care to actually learn what it uses. So it should be fair for me to call any other client shitty for other nonsense.
Uh you appear not to understand how encryption works? Either something is end-to-end encrypted, and the service provider doesn’t have access to the encryption keys, and thus can’t read the messages, or it is encrypted in transit, the keys are held by the provider and the messages are decrypted on the server. The latter is exactly what Telegram does, even though they falsely try to market it as something else.
What you said means they can be decrypted on the server. But there is no proof of that happening in the past. People got into problems not because someone uncovered their content in telegram, but because that content was effectively public from the beginning.